#include <linux/module.h>
#include <linux/skbuff.h>
#include <linux/ip.h>
-#include <linux/netfilter_ipv4/ip_tables.h>
+#include <linux/netfilter/x_tables.h>
#include <linux/netfilter_ipv4/ipt_iprange.h>
MODULE_LICENSE("GPL");
match(const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
+ const struct xt_match *match,
const void *matchinfo,
int offset, unsigned int protoff, int *hotdrop)
{
const struct ipt_iprange_info *info = matchinfo;
- const struct iphdr *iph = skb->nh.iph;
+ const struct iphdr *iph = ip_hdr(skb);
if (info->flags & IPRANGE_SRC) {
if (((ntohl(iph->saddr) < ntohl(info->src.min_ip))
DEBUGP("src IP %u.%u.%u.%u NOT in range %s"
"%u.%u.%u.%u-%u.%u.%u.%u\n",
NIPQUAD(iph->saddr),
- info->flags & IPRANGE_SRC_INV ? "(INV) " : "",
+ info->flags & IPRANGE_SRC_INV ? "(INV) " : "",
NIPQUAD(info->src.min_ip),
NIPQUAD(info->src.max_ip));
return 0;
DEBUGP("dst IP %u.%u.%u.%u NOT in range %s"
"%u.%u.%u.%u-%u.%u.%u.%u\n",
NIPQUAD(iph->daddr),
- info->flags & IPRANGE_DST_INV ? "(INV) " : "",
+ info->flags & IPRANGE_DST_INV ? "(INV) " : "",
NIPQUAD(info->dst.min_ip),
NIPQUAD(info->dst.max_ip));
return 0;
return 1;
}
-static int check(const char *tablename,
- const void *inf,
- void *matchinfo,
- unsigned int matchsize,
- unsigned int hook_mask)
-{
- /* verify size */
- if (matchsize != IPT_ALIGN(sizeof(struct ipt_iprange_info)))
- return 0;
-
- return 1;
-}
-
-static struct ipt_match iprange_match =
-{
- .list = { NULL, NULL },
- .name = "iprange",
- .match = &match,
- .checkentry = &check,
- .destroy = NULL,
- .me = THIS_MODULE
+static struct xt_match iprange_match = {
+ .name = "iprange",
+ .family = AF_INET,
+ .match = match,
+ .matchsize = sizeof(struct ipt_iprange_info),
+ .me = THIS_MODULE
};
-static int __init init(void)
+static int __init ipt_iprange_init(void)
{
- return ipt_register_match(&iprange_match);
+ return xt_register_match(&iprange_match);
}
-static void __exit fini(void)
+static void __exit ipt_iprange_fini(void)
{
- ipt_unregister_match(&iprange_match);
+ xt_unregister_match(&iprange_match);
}
-module_init(init);
-module_exit(fini);
+module_init(ipt_iprange_init);
+module_exit(ipt_iprange_fini);